Data privacy: A tale beyond regulatory compliance
Michael Irene is a data and information governance practitioner based in London, United Kingdom. He is also a Fellow of Higher Education Academy, UK, and can be reached via firstname.lastname@example.org; twitter: @moshoke
November 2, 20201.3K views0 comments
Chioma shouldn’t have sent that document. At least, that’s what her mind tells her daily as she watches the news unfold about her company. She can’t tell her boss about her contribution to the current situation. Her job has been the life-sustaining machinery for her and her family. She knows that the single action she took that day is what caused her company’s corrosive incident.
Her friend, Precious who works at Periwinkle Ltd, updates her about happenings in her company every hour. Periwinkle Ltd’s IT director suspects that Precious added those files onto the existing sales database. But the IT director is unsure because there is no audit trail, and there is no way to ascertain what type of files were open across networks.
There has been a breach in Periwinkle Ltd. Hackers stole data including names, date of births, bank information, and other sensitive information from Periwinkle Ltd. On Twitter and other social media platforms, these details live. Most of the victims don’t’ know Periwinkle Limited. How did they get their data?
On the other hand, Company G keeps getting the call from their customers asking how their data got to Perewinkle Ltd. And what’s worse, some customers have noticed that there have been attempts by unscrupulous individuals to siphon money from their accounts. Some of the customers are unhappy and have taken their grievances to social media and other media outlets.
Company G is a household name. They have been in the pension business for close to twenty-five years, and the Chief Executive Officer and Chief Information Officer are confused and wondering what went wrong. More importantly, they are wondering how the information of customers in their VIP list got leaked.
Meanwhile, Chioma deleted trails on her computer to prevent anything from getting tied to her. She remained mute. There is no internal policy to guide Choima on the right steps to take in this position. It’s not her portion to be sacked. Her only prayer is that the matter dies a natural death and the company bounces back from this.
Choima’s wish fails. The matter deteriorates, and the customers in Company G begin to leave because they don’t trust them and don’t trust all the marketing fluff that they’ve put on their privacy notice.
Customers sued company G, and they want compensation for mismanagement of their data. Company G’s board of directors begin to shiver as the litigation, and the reputation damage begins to affect their share price. They start to ask about the data privacy framework and what preventive measures are in place.
This whole debacle happened when Chioma, a devoted Christian friend to Precious, received a complaint from her friend who is a marketer at Periwinkle Ltd. Precious is struggling to meet her sales target for the quarter, and this is affecting her participation in the church. Because Chioma is kind, she promised to help her friend.
The next day Chioma logs onto her system, downloads the sales file and sends to her friend. Now, thinking about all this, Chioma wished she had never done this. There is no one she can confide in. she keeps her real action to herself and watches as company G burns to the ground. Periwinkle Ltd couldn’t find out where the data came from and they can’t take the liability of Company G’s breach.
The board in Company G begins to suspend C-suite level stakeholders. However, hackers keep hacking the bank accounts of their customers. The board fails to find the best solution for the breach.
Loyal customers leave. Company G’s Business Development Manager knows there is no way to salvage the relationship. Company G broke trust. Their share price drops to an ultimate low, and the embarrassment made staffs change ship.
Data privacy is a business function. It’s not about regulatory compliance alone. It fosters customers trust, and it helps the company build company prepared to protect or correct any security issues arising from data incidents. Failure to embed privacy into business functions can cripple any company.